Unchecked external calls describe any situation where a smart contract invokes another contract or address (via call, delegatecall, staticcall, or high-level calls like transfer/send) without fully accounting for the callee’s behavior, return value, or reentrancy potential. The calling contract implicitly trusts that the callee will behave as expected—returning success, not re-entering, and not executing arbitrary logic. When that assumption is violated, the caller can be left in an inconsistent state or exploited.
This affects all contract types that perform external interactions: DeFi (token transfers, DEX swaps, vault deposits, flash loan callbacks), NFTs (transfers with hooks, marketplace payouts), DAOs (execution of proposal calldata), bridges (message relay, asset transfers), and composable protocols (arbitrary callbacks, ERC-777/ERC-721/ERC-1155 receiver hooks, ERC-4626 deposit/withdraw hooks). On non-EVM chains, analogous patterns exist (e.g., Move’s vector::borrow, Solana CPI) where cross-program invocations can re-enter or behave unexpectedly.
Few areas to focus on:
Token transfers (ERC-20, ERC-721, ERC-1155) and non-standard return values or reverting behavior
Callback and hook interfaces (ERC-777 tokensReceived, ERC-4626 afterDeposit/beforeWithdraw, onFlashLoan, onERC721Received)
Low-level calls (call, delegatecall, callcode) and gas/storage implications
Composability flows (vault calling strategy, strategy calling DEX) where reentrancy can cross multiple contracts
Attackers exploit:
Reentrancy by implementing malicious logic in callbacks or in tokens that hook into transfers (see SC08)
Silent failures when return values are ignored (e.g., non-returning ERC-20s) and state is left inconsistent
Unexpected code execution when calling user-supplied or protocol-configurable addresses
Unchecked external calls are rarely the sole root cause but are a critical enabler for reentrancy (SC08), business logic exploits (SC02), and accounting inconsistencies.
事例 (脆弱なチェックされていない呼び出しパターン)
// SPDX-License-Identifier: MITpragmasolidity^0.8.20;interface IToken{functiontransfer(addressto,uint256amount)externalreturns(bool);}contract VulnerablePayout{ IToken public token;mapping(address=>uint256)public rewards;constructor(IToken_token) { token = _token;}functionclaim()external{uint256 amount = rewards[msg.sender];require(amount >0,"no rewards");// Vulnerable: does not check return value or reentrancy token.transfer(msg.sender, amount);// State update after external call rewards[msg.sender]=0;}}
Issues:
The transfer call’s return value is ignored; if transfer fails, rewards remain non-zero but the user did not receive tokens.
State is updated after the external call, opening reentrancy possibilities (if the token is malicious).
事例 (堅牢化された外部呼び出し処理)
Security Improvements:
State is updated before the external call, limiting simple reentrancy on rewards.
The token transfer’s return value is checked; failure results in a revert, preventing silent inconsistencies.
Note: For full reentrancy protection, see SC08 and consider ReentrancyGuard, checks-effects-interactions, and pull-based patterns.
2025 ケーススタディ
GMX (July 2025, $42M loss)
Unsafe external interactions and state updates after external calls allowed attackers to re-enter and manipulate accounting. The executeDecreaseOrder function transferred control to an attacker-supplied contract address during the refund process, enabling reentrancy. External call ordering, lack of proper checks, and reliance on assumptions about callee behavior amplified the impact.
Arcadia Finance (July 2025, $3.5M loss)
The SwapLogic._swapRouter() and RebalancerSpot contracts allowed arbitrary external calls to user-supplied router addresses via swapData parameters, without validating the callee. The attacker registered a malicious contract as both the router and a whitelisted ArcadiaAccount, then used the router callback to spoof privileged execution contexts and invoke setAssetManager() / flashAction(). The protocol assumed the router would not have elevated permissions—an assumption not enforced in code. Unchecked callbacks and trust in external callee behavior enabled the drain.